CVE-2019-11048

2020-05-20T06:56:51
ID RH:CVE-2019-11048
Type redhatcve
Reporter redhat.com
Modified 2021-03-21T10:41:37

Description

A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service.

Mitigation

Ensure that post_max_size is set to a value less than 2GB, or remains default.